CVE-2020-7696

Опубликовано: 17 июл. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.

Ссылки

https://github.com/DylanVann/react-native-fast-image/issues/690
Exploit
Third Party Advisory
https://github.com/DylanVann/react-native-fast-image/pull/691
Exploit
Issue Tracking
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
Exploit
Patch
Third Party Advisory
https://github.com/DylanVann/react-native-fast-image/issues/690
Exploit
Third Party Advisory
https://github.com/DylanVann/react-native-fast-image/pull/691
Exploit
Issue Tracking
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:react-native-fast-image_project:react-native-fast-image:*:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00455

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-6xhg-q9c8-rj32